github.com/Racer159/jackal@v0.32.7-0.20240401174413-0bd2339e4f2e/src/test/e2e/20_jackal_init_test.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // SPDX-FileCopyrightText: 2021-Present The Jackal Authors 3 4 // Package test provides e2e tests for Jackal. 5 package test 6 7 import ( 8 "encoding/base64" 9 "fmt" 10 "runtime" 11 "testing" 12 13 "encoding/json" 14 15 "github.com/Racer159/jackal/src/types" 16 "github.com/stretchr/testify/require" 17 ) 18 19 func TestJackalInit(t *testing.T) { 20 t.Log("E2E: Jackal init") 21 e2e.SetupWithCluster(t) 22 23 initComponents := "logging,git-server" 24 // Add k3s component in appliance mode 25 if e2e.ApplianceMode { 26 initComponents = "k3s,logging,git-server" 27 } 28 29 initPackageVersion := e2e.GetJackalVersion(t) 30 31 var ( 32 mismatchedArch = e2e.GetMismatchedArch() 33 mismatchedInitPackage = fmt.Sprintf("jackal-init-%s-%s.tar.zst", mismatchedArch, initPackageVersion) 34 expectedErrorMessage = "unable to run component before action: command \"Check that the host architecture matches the package architecture\"" 35 ) 36 t.Cleanup(func() { 37 e2e.CleanFiles(mismatchedInitPackage) 38 }) 39 40 if runtime.GOOS == "linux" { 41 // Build init package with different arch than the cluster arch. 42 stdOut, stdErr, err := e2e.Jackal("package", "create", "src/test/packages/20-mismatched-arch-init", "--architecture", mismatchedArch, "--confirm") 43 require.NoError(t, err, stdOut, stdErr) 44 45 // Check that `jackal init` returns an error because of the mismatched architectures. 46 // We need to use the --architecture flag here to force jackal to find the package. 47 _, stdErr, err = e2e.Jackal("init", "--architecture", mismatchedArch, "--components=k3s", "--confirm") 48 require.Error(t, err, stdErr) 49 require.Contains(t, stdErr, expectedErrorMessage) 50 } 51 52 if !e2e.ApplianceMode { 53 // throw a pending pod into the cluster to ensure we can properly ignore them when selecting images 54 _, _, err := e2e.Kubectl("apply", "-f", "https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/pods/pod-with-node-affinity.yaml") 55 require.NoError(t, err) 56 } 57 58 // Check for any old secrets to ensure that they don't get saved in the init log 59 oldState := types.JackalState{} 60 base64State, _, err := e2e.Kubectl("get", "secret", "jackal-state", "-n", "jackal", "-o", "jsonpath={.data.state}") 61 if err == nil { 62 oldStateJSON, err := base64.StdEncoding.DecodeString(base64State) 63 require.NoError(t, err) 64 err = json.Unmarshal(oldStateJSON, &oldState) 65 require.NoError(t, err) 66 } 67 68 // run `jackal init` 69 _, initStdErr, err := e2e.Jackal("init", "--components="+initComponents, "--nodeport", "31337", "-l", "trace", "--confirm") 70 require.NoError(t, err) 71 require.Contains(t, initStdErr, "an inventory of all software contained in this package") 72 require.NotContains(t, initStdErr, "This package does NOT contain an SBOM. If you require an SBOM, please contact the creator of this package to request a version that includes an SBOM.") 73 74 logText := e2e.GetLogFileContents(t, e2e.StripMessageFormatting(initStdErr)) 75 76 // Verify that any state secrets were not included in the log 77 state := types.JackalState{} 78 base64State, _, err = e2e.Kubectl("get", "secret", "jackal-state", "-n", "jackal", "-o", "jsonpath={.data.state}") 79 require.NoError(t, err) 80 stateJSON, err := base64.StdEncoding.DecodeString(base64State) 81 require.NoError(t, err) 82 err = json.Unmarshal(stateJSON, &state) 83 require.NoError(t, err) 84 checkLogForSensitiveState(t, logText, state) 85 86 // Check the old state values as well (if they exist) to ensure they weren't printed and then updated during init 87 if oldState.LoggingSecret != "" { 88 checkLogForSensitiveState(t, logText, oldState) 89 } 90 91 if e2e.ApplianceMode { 92 // make sure that we upgraded `k3s` correctly and are running the correct version - this should match that found in `packages/distros/k3s` 93 kubeletVersion, _, err := e2e.Kubectl("get", "nodes", "-o", "jsonpath={.items[0].status.nodeInfo.kubeletVersion}") 94 require.NoError(t, err) 95 require.Contains(t, kubeletVersion, "v1.28.4+k3s2") 96 } 97 98 // Check that the registry is running on the correct NodePort 99 stdOut, _, err := e2e.Kubectl("get", "service", "-n", "jackal", "jackal-docker-registry", "-o=jsonpath='{.spec.ports[*].nodePort}'") 100 require.NoError(t, err) 101 require.Contains(t, stdOut, "31337") 102 103 // Check that the registry is running with the correct scale down policy 104 stdOut, _, err = e2e.Kubectl("get", "hpa", "-n", "jackal", "jackal-docker-registry", "-o=jsonpath='{.spec.behavior.scaleDown.selectPolicy}'") 105 require.NoError(t, err) 106 require.Contains(t, stdOut, "Min") 107 108 // Special sizing-hacking for reducing resources where Kind + CI eats a lot of free cycles (ignore errors) 109 _, _, _ = e2e.Kubectl("scale", "deploy", "-n", "kube-system", "coredns", "--replicas=1") 110 _, _, _ = e2e.Kubectl("scale", "deploy", "-n", "jackal", "agent-hook", "--replicas=1") 111 } 112 113 func checkLogForSensitiveState(t *testing.T, logText string, jackalState types.JackalState) { 114 require.NotContains(t, logText, jackalState.AgentTLS.CA) 115 require.NotContains(t, logText, string(jackalState.AgentTLS.CA)) 116 require.NotContains(t, logText, jackalState.AgentTLS.Cert) 117 require.NotContains(t, logText, string(jackalState.AgentTLS.Cert)) 118 require.NotContains(t, logText, jackalState.AgentTLS.Key) 119 require.NotContains(t, logText, string(jackalState.AgentTLS.Key)) 120 require.NotContains(t, logText, jackalState.ArtifactServer.PushToken) 121 require.NotContains(t, logText, jackalState.GitServer.PullPassword) 122 require.NotContains(t, logText, jackalState.GitServer.PushPassword) 123 require.NotContains(t, logText, jackalState.RegistryInfo.PullPassword) 124 require.NotContains(t, logText, jackalState.RegistryInfo.PushPassword) 125 require.NotContains(t, logText, jackalState.RegistryInfo.Secret) 126 require.NotContains(t, logText, jackalState.LoggingSecret) 127 }