github.com/verrazzano/verrazzano-monitoring-operator@v0.0.30/pkg/resources/ingresses/ingress_test.go (about) 1 // Copyright (C) 2020, 2022, Oracle and/or its affiliates. 2 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 package ingresses 5 6 import ( 7 "fmt" 8 "github.com/verrazzano/verrazzano-monitoring-operator/pkg/config" 9 "github.com/verrazzano/verrazzano-monitoring-operator/pkg/constants" 10 "github.com/verrazzano/verrazzano-monitoring-operator/pkg/resources" 11 netv1 "k8s.io/api/networking/v1" 12 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 13 "testing" 14 15 "github.com/stretchr/testify/assert" 16 vmcontrollerv1 "github.com/verrazzano/verrazzano-monitoring-operator/pkg/apis/vmcontroller/v1" 17 ) 18 19 func TestVMONoIngress(t *testing.T) { 20 vmo := &vmcontrollerv1.VerrazzanoMonitoringInstance{ 21 Spec: vmcontrollerv1.VerrazzanoMonitoringInstanceSpec{ 22 Grafana: vmcontrollerv1.Grafana{ 23 Enabled: true, 24 }, 25 Prometheus: vmcontrollerv1.Prometheus{ 26 Enabled: true, 27 }, 28 Kibana: vmcontrollerv1.Kibana{ 29 Enabled: true, 30 }, 31 Elasticsearch: vmcontrollerv1.Elasticsearch{ 32 Enabled: true, 33 }, 34 }, 35 } 36 ingresses, err := New(vmo, map[string]*netv1.Ingress{}) 37 if err != nil { 38 t.Error(err) 39 } 40 assert.Equal(t, 0, len(ingresses), "Length of generated Ingresses") 41 } 42 43 func TestVMOWithIngresses(t *testing.T) { 44 const vmiName = "test-vmi" 45 vmo := &vmcontrollerv1.VerrazzanoMonitoringInstance{ 46 Spec: vmcontrollerv1.VerrazzanoMonitoringInstanceSpec{ 47 SecretName: "secret", 48 URI: "example.com", 49 Grafana: vmcontrollerv1.Grafana{ 50 Enabled: true, 51 }, 52 Prometheus: vmcontrollerv1.Prometheus{ 53 Enabled: true, 54 }, 55 Elasticsearch: vmcontrollerv1.Elasticsearch{ 56 Enabled: true, 57 }, 58 }, 59 } 60 vmo.Name = vmiName 61 ingresses, err := New(vmo, map[string]*netv1.Ingress{}) 62 if err != nil { 63 t.Error(err) 64 } 65 assert.Equal(t, 3, len(ingresses), "Length of generated Ingresses") 66 assert.Equal(t, 1, len(ingresses[0].Spec.TLS), "Number of TLS elements in generated Ingress") 67 assert.Equal(t, 1, len(ingresses[0].Spec.TLS[0].Hosts), "Number of hosts in generated Ingress") 68 assert.Equal(t, "api.example.com", ingresses[0].Spec.TLS[0].Hosts[0], "TLS hosts") 69 assert.Equal(t, "grafana.example.com", ingresses[1].Spec.TLS[0].Hosts[0], "TLS hosts") 70 assert.Equal(t, "opensearch.example.com", ingresses[2].Spec.TLS[0].Hosts[0], "TLS hosts") 71 assert.Equal(t, vmiName+"-tls-api", ingresses[0].Spec.TLS[0].SecretName, "TLS secret") 72 assert.Equal(t, vmiName+"-tls-grafana", ingresses[1].Spec.TLS[0].SecretName, "TLS secret") 73 assert.Equal(t, vmiName+"-tls-os-ingest", ingresses[2].Spec.TLS[0].SecretName, "TLS secret") 74 assert.Equal(t, "basic", ingresses[0].Annotations["nginx.ingress.kubernetes.io/auth-type"], "Auth type") 75 assert.Equal(t, "secret", ingresses[0].Annotations["nginx.ingress.kubernetes.io/auth-secret"], "Auth secret") 76 assert.Equal(t, "example.com auth", ingresses[0].Annotations["nginx.ingress.kubernetes.io/auth-realm"], "Auth realm") 77 assert.Equal(t, "true", ingresses[0].Annotations["nginx.ingress.kubernetes.io/service-upstream"], "Service upstream") 78 assert.Equal(t, "${service_name}.${namespace}.svc.cluster.local", ingresses[0].Annotations["nginx.ingress.kubernetes.io/upstream-vhost"], "Upstream vhost") 79 assert.Equal(t, "api.example.com", ingresses[0].Annotations["cert-manager.io/common-name"], "TLS cert CN") 80 assert.Equal(t, "grafana.example.com", ingresses[1].Annotations["cert-manager.io/common-name"], "TLS cert CN") 81 assert.Equal(t, "opensearch.example.com", ingresses[2].Annotations["cert-manager.io/common-name"], "TLS cert CN") 82 assert.Equal(t, getIngressClassName(vmo), *ingresses[0].Spec.IngressClassName) 83 } 84 85 // TestToCreateRedirectIngresses creates a new OS and OSD ingresses with Redirects 86 // Tests VPO Upgrade scenario 87 func TestToCreateNewIngressesWithRedirects(t *testing.T) { 88 const vmiName = "system" 89 vmo := &vmcontrollerv1.VerrazzanoMonitoringInstance{ 90 Spec: vmcontrollerv1.VerrazzanoMonitoringInstanceSpec{ 91 SecretName: "secret", 92 URI: "example.com", 93 Kibana: vmcontrollerv1.Kibana{ 94 Enabled: true, 95 }, 96 Elasticsearch: vmcontrollerv1.Elasticsearch{ 97 Enabled: true, 98 }, 99 }, 100 } 101 vmo.Name = vmiName 102 ingressESHost := resources.OidcProxyIngressHost(vmo, &config.ElasticsearchIngest) 103 ingressESRule := resources.GetIngressRule(ingressESHost) 104 deprecatedESIngress := &netv1.Ingress{ 105 ObjectMeta: metav1.ObjectMeta{ 106 Name: fmt.Sprintf("%s%s-%s", constants.VMOServiceNamePrefix, vmo.Name, config.ElasticsearchIngest.Name), 107 Namespace: vmo.Namespace, 108 }, 109 Spec: netv1.IngressSpec{ 110 TLS: []netv1.IngressTLS{ 111 { 112 Hosts: []string{ingressESHost}, 113 SecretName: fmt.Sprintf("%s-tls-%s", vmo.Name, config.ElasticsearchIngest.Name), 114 }, 115 }, 116 Rules: []netv1.IngressRule{ingressESRule}, 117 }} 118 119 existingIngress := make(map[string]*netv1.Ingress) 120 existingIngress[resources.GetMetaName("system", config.ElasticsearchIngest.Name)] = deprecatedESIngress 121 122 ingressKibanaHost := resources.OidcProxyIngressHost(vmo, &config.Kibana) 123 ingressKibanaRule := resources.GetIngressRule(ingressKibanaHost) 124 deprecatedKibanaIngress := &netv1.Ingress{ 125 ObjectMeta: metav1.ObjectMeta{ 126 Name: fmt.Sprintf("%s%s-%s", constants.VMOServiceNamePrefix, vmo.Name, config.Kibana.Name), 127 Namespace: vmo.Namespace, 128 }, 129 Spec: netv1.IngressSpec{ 130 TLS: []netv1.IngressTLS{ 131 { 132 Hosts: []string{ingressKibanaHost}, 133 SecretName: fmt.Sprintf("%s-tls-%s", vmo.Name, config.Kibana.Name), 134 }, 135 }, 136 Rules: []netv1.IngressRule{ingressKibanaRule}, 137 }} 138 existingIngress[resources.GetMetaName("system", config.Kibana.Name)] = deprecatedKibanaIngress 139 ingresses, err := New(vmo, existingIngress) 140 if err != nil { 141 t.Error(err) 142 } 143 144 assert.Equal(t, 1, len(ingresses[2].Spec.Rules), "Length of Opensearch Ingress Rules") 145 assert.Equal(t, 1, len(ingresses[2].Spec.Rules), "Length of Opendashboards Ingress Rules") 146 assert.Equal(t, "api.example.com", ingresses[0].Spec.TLS[0].Hosts[0], "New Ingress TLS hosts") 147 assert.Equal(t, "osd.example.com", ingresses[1].Spec.TLS[0].Hosts[0], "New Ingress TLS hosts") 148 assert.Equal(t, "opensearch.example.com", ingresses[3].Spec.TLS[0].Hosts[0], "TLS hosts") 149 assert.Equal(t, "kibana.example.com", ingresses[2].Spec.TLS[0].Hosts[0], "Redirect Ingress TLS hosts") 150 assert.Equal(t, "elasticsearch.example.com", ingresses[4].Spec.TLS[0].Hosts[0], "Redirect Ingress TLS hosts") 151 assert.Equal(t, 5, len(ingresses), "Length of generated Ingresses") 152 assert.Equal(t, 1, len(ingresses[0].Spec.TLS), "Number of TLS elements in generated Ingress") 153 assert.Equal(t, 1, len(ingresses[0].Spec.TLS[0].Hosts), "Number of hosts in generated Ingress") 154 assert.Equal(t, vmiName+"-tls-api", ingresses[0].Spec.TLS[0].SecretName, "TLS secret") 155 assert.Equal(t, vmiName+"-tls-os-ingest", ingresses[3].Spec.TLS[0].SecretName, "TLS secret") 156 assert.Equal(t, vmiName+"-tls-osd", ingresses[1].Spec.TLS[0].SecretName, "TLS secret") 157 assert.Equal(t, vmiName+"-tls-os-redirect", ingresses[4].Spec.TLS[0].SecretName, "TLS secret") 158 assert.Equal(t, vmiName+"-tls-osd-redirect", ingresses[2].Spec.TLS[0].SecretName, "TLS secret") 159 assert.Equal(t, "basic", ingresses[0].Annotations["nginx.ingress.kubernetes.io/auth-type"], "Auth type") 160 assert.Equal(t, "secret", ingresses[0].Annotations["nginx.ingress.kubernetes.io/auth-secret"], "Auth secret") 161 assert.Equal(t, "example.com auth", ingresses[0].Annotations["nginx.ingress.kubernetes.io/auth-realm"], "Auth realm") 162 assert.Equal(t, "true", ingresses[0].Annotations["nginx.ingress.kubernetes.io/service-upstream"], "Service upstream") 163 assert.Equal(t, "${service_name}.${namespace}.svc.cluster.local", ingresses[0].Annotations["nginx.ingress.kubernetes.io/upstream-vhost"], "Upstream vhost") 164 assert.Equal(t, "api.example.com", ingresses[0].Annotations["cert-manager.io/common-name"], "TLS cert CN") 165 assert.Equal(t, "opensearch.example.com", ingresses[3].Annotations["cert-manager.io/common-name"], "TLS cert CN") 166 assert.Equal(t, "osd.example.com", ingresses[1].Annotations["cert-manager.io/common-name"], "TLS cert CN") 167 assert.Equal(t, getIngressClassName(vmo), *ingresses[0].Spec.IngressClassName) 168 } 169 170 func TestGetIngressClassName(t *testing.T) { 171 ingressClassName := "foobar" 172 vmo := &vmcontrollerv1.VerrazzanoMonitoringInstance{ 173 Spec: vmcontrollerv1.VerrazzanoMonitoringInstanceSpec{ 174 IngressClassName: &ingressClassName, 175 }, 176 } 177 assert.Equal(t, ingressClassName, getIngressClassName(vmo)) 178 } 179 180 func TestVMOWithCascadingDelete(t *testing.T) { 181 // With CascadingDelete 182 vmo := &vmcontrollerv1.VerrazzanoMonitoringInstance{ 183 Spec: vmcontrollerv1.VerrazzanoMonitoringInstanceSpec{ 184 CascadingDelete: true, 185 SecretName: "secret", 186 URI: "example.com", 187 Grafana: vmcontrollerv1.Grafana{ 188 Enabled: true, 189 }, 190 Prometheus: vmcontrollerv1.Prometheus{ 191 Enabled: true, 192 Replicas: 1, 193 }, 194 AlertManager: vmcontrollerv1.AlertManager{ 195 Enabled: true, 196 }, 197 Kibana: vmcontrollerv1.Kibana{ 198 Enabled: true, 199 }, 200 Elasticsearch: vmcontrollerv1.Elasticsearch{ 201 Enabled: true, 202 }, 203 }, 204 } 205 206 ingresses, err := New(vmo, map[string]*netv1.Ingress{}) 207 if err != nil { 208 t.Error(err) 209 } 210 assert.True(t, len(ingresses) > 0, "Non-zero length generated ingresses") 211 for _, ingress := range ingresses { 212 assert.Equal(t, 1, len(ingress.ObjectMeta.OwnerReferences), "OwnerReferences is not set with CascadingDelete true") 213 } 214 215 // Without CascadingDelete 216 vmo.Spec.CascadingDelete = false 217 ingresses, err = New(vmo, map[string]*netv1.Ingress{}) 218 if err != nil { 219 t.Error(err) 220 } 221 assert.True(t, len(ingresses) > 0, "Non-zero length generated ingresses") 222 for _, ingress := range ingresses { 223 assert.Equal(t, 0, len(ingress.ObjectMeta.OwnerReferences), "OwnerReferences is set even with CascadingDelete false") 224 } 225 }