github.com/verrazzano/verrazzano@v1.7.1/tests/e2e/update/fluentdextes/fluentdextes_test.go (about)

     1  // Copyright (c) 2022, 2023, Oracle and/or its affiliates.
     2  // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  package fluentdextes
     5  
     6  import (
     7  	"fmt"
     8  	"time"
     9  
    10  	. "github.com/onsi/ginkgo/v2"
    11  	"github.com/onsi/gomega"
    12  	"github.com/verrazzano/verrazzano/pkg/constants"
    13  	mcconst "github.com/verrazzano/verrazzano/pkg/mcconstants"
    14  	vzapi "github.com/verrazzano/verrazzano/platform-operator/apis/verrazzano/v1alpha1"
    15  	poconst "github.com/verrazzano/verrazzano/platform-operator/constants"
    16  	"github.com/verrazzano/verrazzano/tests/e2e/multicluster"
    17  	"github.com/verrazzano/verrazzano/tests/e2e/pkg"
    18  	"github.com/verrazzano/verrazzano/tests/e2e/pkg/test/framework"
    19  	"github.com/verrazzano/verrazzano/tests/e2e/pkg/update"
    20  	"github.com/verrazzano/verrazzano/tests/e2e/update/fluentd"
    21  	corev1 "k8s.io/api/core/v1"
    22  )
    23  
    24  var (
    25  	t                = framework.NewTestFramework("update fluentd external opensearch")
    26  	extOpensearchURL string
    27  	extOpensearchSec string
    28  	adminCluster     *multicluster.Cluster
    29  	managedClusters  []*multicluster.Cluster
    30  	orignalFluentd   *vzapi.FluentdComponent
    31  	waitTimeout      = 10 * time.Minute
    32  	pollingInterval  = 5 * time.Second
    33  )
    34  
    35  var beforeSuite = t.BeforeSuiteFunc(func() {
    36  	cr := update.GetCR()
    37  	orignalFluentd = cr.Spec.Components.Fluentd
    38  	if orignalFluentd != nil { //External Collector is enabled
    39  		extOpensearchURL = orignalFluentd.ElasticsearchURL
    40  		extOpensearchSec = orignalFluentd.ElasticsearchSecret
    41  	}
    42  	adminCluster = multicluster.AdminCluster()
    43  	managedClusters = multicluster.ManagedClusters()
    44  })
    45  
    46  var _ = BeforeSuite(beforeSuite)
    47  
    48  var afterSuite = t.AfterSuiteFunc(func() {
    49  	if extOpensearchURL != "" && extOpensearchURL != pkg.VmiESURL && extOpensearchSec != "" {
    50  		start := time.Now()
    51  		gomega.Eventually(func() bool {
    52  			return fluentd.ValidateDaemonset(extOpensearchURL, extOpensearchSec, "")
    53  		}, waitTimeout, pollingInterval).Should(gomega.BeTrue(), fmt.Sprintf("DaemonSet %s is not ready for %v", extOpensearchURL, time.Since(start)))
    54  	}
    55  })
    56  
    57  var _ = AfterSuite(afterSuite)
    58  
    59  var _ = t.Describe("Update Fluentd", Label("f:platform-lcm.update"), func() {
    60  	t.Describe("Update to default Opensearch", Label("f:platform-lcm.fluentd-default-opensearch"), func() {
    61  		t.It("default Opensearch", func() {
    62  			if orignalFluentd != nil { //External Collector is enabled
    63  				m := &fluentd.FluentdModifier{Component: vzapi.FluentdComponent{}}
    64  
    65  				start := time.Now()
    66  				fluentd.ValidateUpdate(m, "")
    67  
    68  				gomega.Eventually(func() bool {
    69  					return fluentd.ValidateDaemonset(pkg.VmiESURL, pkg.VmiESInternalSecret, "")
    70  				}, waitTimeout, pollingInterval).Should(gomega.BeTrue(), fmt.Sprintf("DaemonSet %s is not ready for %v", pkg.VmiESURL, time.Since(start)))
    71  			}
    72  		})
    73  	})
    74  	t.Describe("multicluster verify", Label("f:platform-lcm.multicluster-verify"), func() {
    75  		t.It("default ca-bundle", func() {
    76  			verifyCaSync("")
    77  		})
    78  	})
    79  	t.Describe("Update to external Opensearch", Label("f:platform-lcm.fluentd-external-opensearch"), func() {
    80  		t.It("external Opensearch", func() {
    81  			pkg.Log(pkg.Info, fmt.Sprintf("Update fluentd to use %v and %v", extOpensearchURL, extOpensearchSec))
    82  			if orignalFluentd != nil { //External Collector is enabled
    83  				m := &fluentd.FluentdModifier{Component: *orignalFluentd}
    84  				update.RetryUpdate(m, adminCluster.KubeConfigPath, false, pollingInterval, waitTimeout)
    85  
    86  				start := time.Now()
    87  				gomega.Eventually(func() bool {
    88  					return fluentd.ValidateDaemonset(extOpensearchURL, extOpensearchSec, "")
    89  				}, waitTimeout, pollingInterval).Should(gomega.BeTrue(), fmt.Sprintf("DaemonSet %s is not ready for %v", extOpensearchURL, time.Since(start)))
    90  				verifyCaSync(extOpensearchSec)
    91  			}
    92  		})
    93  	})
    94  })
    95  
    96  func verifyCaSync(esSec string) {
    97  	extEsCa := ""
    98  	if esSec != "" && esSec != pkg.VmiESInternalSecret {
    99  		bytes, _ := adminCluster.GetSecretData(poconst.VerrazzanoInstallNamespace, esSec, mcconst.FluentdESCaBundleKey)
   100  		if len(bytes) > 0 {
   101  			extEsCa = string(bytes)
   102  		}
   103  	}
   104  	for _, managedCluster := range managedClusters {
   105  		reg := getRegistration(managedCluster)
   106  		if reg != nil {
   107  			gomega.Eventually(func() bool {
   108  				return verifyCaBundles(reg, managedCluster, esSec, extEsCa)
   109  			}, waitTimeout, pollingInterval).Should(gomega.BeTrue(), fmt.Sprintf("CA bundle in %s is not synced", esSec))
   110  		}
   111  	}
   112  }
   113  
   114  func getRegistration(managedCluster *multicluster.Cluster) *corev1.Secret {
   115  	reg, _ := adminCluster.GetRegistration(managedCluster.Name)
   116  	if reg == nil {
   117  		adminCluster.Register(managedCluster)
   118  		gomega.Eventually(func() bool {
   119  			reg, _ := adminCluster.GetRegistration(managedCluster.Name)
   120  			return reg != nil
   121  		}, waitTimeout, pollingInterval).Should(gomega.BeTrue(), fmt.Sprintf("%s is not registered", managedCluster.Name))
   122  		reg, _ = adminCluster.GetRegistration(managedCluster.Name)
   123  	}
   124  	return reg
   125  }
   126  
   127  func verifyCaBundles(reg *corev1.Secret, managedCluster *multicluster.Cluster, esSec, extEsCa string) bool {
   128  	admEsCa, regEsCa := caBundles(reg)
   129  	mngEsCa := ""
   130  	if extEsCa == "" {
   131  		extEsCa = admEsCa
   132  	}
   133  	bytes, _ := managedCluster.
   134  		GetSecretData(constants.VerrazzanoSystemNamespace, "verrazzano-cluster-registration", mcconst.ESCaBundleKey)
   135  	pkg.Log(pkg.Info, fmt.Sprintf("Opensearch ca-bundle synced to registration:%v managed-cluster:%v", extEsCa == regEsCa, extEsCa == mngEsCa))
   136  	if len(bytes) == 0 {
   137  		//if the managed-cluster is NOT registered, verify only the ca in registration
   138  		if extEsCa != regEsCa {
   139  			pkg.Log(pkg.Info, fmt.Sprintf("Opensearch ca-bundle in %s is not synced to %v registration", esSec, managedCluster.Name))
   140  			return false
   141  		}
   142  		return extEsCa == regEsCa
   143  	}
   144  	mngEsCa = string(bytes)
   145  	if extEsCa != mngEsCa {
   146  		pkg.Log(pkg.Info, fmt.Sprintf("ManagedCluster %v verrazzano-cluster-registration is not synced", managedCluster.Name))
   147  		return false
   148  	}
   149  	return extEsCa == mngEsCa
   150  }
   151  
   152  func caBundles(reg *corev1.Secret) (string, string) {
   153  	admEsCa, regEsCa := "", ""
   154  	for k, v := range reg.Data {
   155  		if k == mcconst.ESCaBundleKey {
   156  			regEsCa = string(v)
   157  		}
   158  		if k == mcconst.AdminCaBundleKey {
   159  			admEsCa = string(v)
   160  		}
   161  	}
   162  	return admEsCa, regEsCa
   163  }