chore: enable chainsaw integration tests (keptn#2882)

Signed-off-by: Charles-Edouard Brétéché <[email protected]>
Signed-off-by: vickysomtee <[email protected]>

.chainsaw-local.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/configuration-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Configuration
+metadata:
+  name: configuration-local
+spec:
+  timeouts:
+    assert: 5m
+    cleanup: 5m
+    error: 5m

.chainsaw.yaml

@@ -0,0 +1,11 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/configuration-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Configuration
+metadata:
+  name: configuration
+spec:
+  skipDelete: true
+  timeouts:
+    assert: 6m40s
+    cleanup: 6m40s
+    error: 6m40s

.github/actions/spelling/expect.txt

@@ -75,6 +75,7 @@ carryforward
 certificatehandler
 certmanager
 certwebhook
+chainsaw
 Chans
 Checkmarx
 clientgoscheme
@@ -370,6 +371,7 @@ kustomizeconfig
 kuttl
 kwi
 kwv
+kyverno
 lastword
 Lato
 LFC

.github/workflows/integration-test.yml

@@ -74,3 +74,50 @@ jobs:
         with:
           name: logs-integration-tests-${{ inputs.scheduling-gates }}-${{ inputs.allowed-namespaces }}
           path: .github/scripts/logs
+
+  run-chainsaw-test:
+    name: Run Chainsaw Tests
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Setup cluster
+        uses: ./.github/actions/deploy-keptn-on-cluster
+        with:
+          runtime_tag: ${{ inputs.runtime_tag }}
+          scheduling-gates: ${{ inputs.scheduling-gates }}
+          allowed-namespaces: ${{ inputs.allowed-namespaces }}
+
+      - name: Install and expose Prometheus
+        uses: ./.github/actions/deploy-prometheus-on-cluster
+
+      - name: Install Chainsaw
+        uses: kyverno/action-install-chainsaw@56be3cb4ec65a987b6ef4d7ab3a55ee17760a57c # v0.1.2
+
+      - name: (Chainsaw) Run Scheduling Gates Integration Tests
+        if: inputs.scheduling-gates == 'gates_on' && inputs.allowed-namespaces == 'allowed_ns_off'
+        working-directory: .
+        run: make chainsaw-integration-test-scheduling-gates
+
+      - name: (Chainsaw) Run Allowed namespaces Integration Tests
+        if: inputs.allowed-namespaces == 'allowed_ns_on'
+        working-directory: .
+        run: make chainsaw-integration-test-allowed-namespaces
+
+      # - name: (Chainsaw) Run Integration Tests
+      #   if: inputs.allowed-namespaces == 'allowed_ns_off'
+      #   working-directory: .
+      #   run: make integration-test
+
+      - name: Create reports
+        if: failure()
+        working-directory: ./.github/scripts
+        run: ./create-reports-full.sh
+
+      - name: Upload cluster logs
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: logs-chainsaw-integration-tests-${{ inputs.scheduling-gates }}-${{ inputs.allowed-namespaces }}
+          path: .github/scripts/logs

Makefile

@@ -22,6 +22,10 @@ $(LOCALBIN):
 ## Tool Binaries
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 
+#########
+# KUTTL #
+#########
+
 .PHONY: integration-test #these tests should run on a real cluster!
 integration-test:	# to run a single test by name use --test eg. --test=expose-keptn-metric
 	kubectl kuttl test --start-kind=false ./test/kuttl/integration/ --config=kuttl-test.yaml
@@ -52,6 +56,26 @@ integration-test-allowed-namespaces:	# to run a single test by name use --test e
 integration-test-allowed-namespaces-local: install-prometheus
 	kubectl kuttl test --start-kind=false ./test/kuttl/allowed-namespaces/ --config=kuttl-test-local.yaml
 
+############
+# CHAINSAW #
+############
+
+.PHONY: chainsaw-integration-test-scheduling-gates #these tests should run on a real cluster!
+chainsaw-integration-test-scheduling-gates:
+	chainsaw test --test-dir ./test/chainsaw/scheduling-gates/
+
+.PHONY: chainsaw-integration-test-scheduling-gates-local #these tests should run on a real cluster!
+chainsaw-integration-test-scheduling-gates-local: install-prometheus
+	chainsaw test --test-dir ./test/chainsaw/scheduling-gates/ --config ./.chainsaw-local.yaml
+
+.PHONY: chainsaw-integration-test-allowed-namespaces #these tests should run on a real cluster!
+chainsaw-integration-test-allowed-namespaces:
+	chainsaw test --test-dir ./test/chainsaw/allowed-namespaces/
+
+.PHONY: chainsaw-integration-test-allowed-namespaces-local #these tests should run on a real cluster!
+chainsaw-integration-test-allowed-namespaces-local: install-prometheus
+	chainsaw test --test-dir ./test/chainsaw/allowed-namespaces/ --config ./.chainsaw-local.yaml
+
 .PHONY: load-test
 load-test:
 	kubectl apply -f ./test/load/assets/templates/namespace.yaml

docs/docs/contribute/general/technologies.md

@@ -50,6 +50,10 @@ for working with and contributing to Keptn.
   Some test tools are written in KUTTL
   * [KUTTL web page](https://kuttl.dev/)
   has information to get you started
+* **Chainsaw**
+  Some test tools are written with chainsaw
+  * [Chainsaw web page](https://kyverno.github.io/chainsaw/)
+  has information to get you started
 * **Markdown**
   Keptn documentation is authored in Markdown
   and processed with Hugo using the `docsy` theme.

test/chainsaw/allowed-namespaces/simple-deployment-allowed/00-assert.yaml

@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: test
+  name: test
+  namespace: allowed-ns-test
+status:
+  readyReplicas: 2

test/chainsaw/allowed-namespaces/simple-deployment-allowed/00-install.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: allowed-ns-test
+  annotations:
+    keptn.sh/lifecycle-toolkit: enabled
+---
+apiVersion: lifecycle.keptn.sh/v1beta1
+kind: KeptnTaskDefinition
+metadata:
+  name: pre-deployment-hello
+  namespace: allowed-ns-test
+spec:
+  function:
+    inline:
+      code: |
+        console.log("Pre-Deployment Task has been executed");
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: test
+  name: test
+  namespace: allowed-ns-test
+  annotations:
+    keptn.sh/workload: waiter
+    keptn.sh/version: "0.4"
+    keptn.sh/pre-deployment-tasks: pre-deployment-hello
+    keptn.sh/post-deployment-tasks: pre-deployment-hello
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: test
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: test
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+          command: ['sh', '-c', 'echo The app is running! && sleep infinity']
+      initContainers:
+        - name: init-myservice
+          image: busybox:1.36.1
+          command: ['sh', '-c', 'sleep 10']

test/chainsaw/allowed-namespaces/simple-deployment-allowed/01-assert.yaml

@@ -0,0 +1,24 @@
+apiVersion: lifecycle.keptn.sh/v1beta1
+kind: KeptnWorkload
+metadata:
+  name: waiter-waiter
+  namespace: allowed-ns-test
+---
+apiVersion: lifecycle.keptn.sh/v1beta1
+kind: KeptnWorkloadVersion
+metadata:
+  name: waiter-waiter-0.4
+  namespace: allowed-ns-test
+status:
+  currentPhase: Completed
+  deploymentStatus: Succeeded
+  postDeploymentEvaluationStatus: Succeeded
+  postDeploymentStatus: Succeeded
+  postDeploymentTaskStatus:
+    - status: Succeeded
+      definitionName: pre-deployment-hello
+  preDeploymentEvaluationStatus: Succeeded
+  preDeploymentStatus: Succeeded
+  preDeploymentTaskStatus:
+    - status: Succeeded
+      definitionName: pre-deployment-hello

test/chainsaw/allowed-namespaces/simple-deployment-allowed/chainsaw-test.yaml

@@ -0,0 +1,18 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  creationTimestamp: null
+  name: simple-deployment-allowed
+spec:
+  steps:
+    - name: step-00
+      try:
+        - apply:
+            file: 00-install.yaml
+        - assert:
+            file: 00-assert.yaml
+    - name: step-01
+      try:
+        - assert:
+            file: 01-assert.yaml

test/chainsaw/allowed-namespaces/simple-deployment-not-allowed/00-assert.yaml

@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: test
+  name: test
+  namespace: not-allowed-ns-test
+status:
+  readyReplicas: 2

test/chainsaw/allowed-namespaces/simple-deployment-not-allowed/00-install.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: not-allowed-ns-test
+  annotations:
+    keptn.sh/lifecycle-toolkit: enabled
+---
+apiVersion: lifecycle.keptn.sh/v1beta1
+kind: KeptnTaskDefinition
+metadata:
+  name: pre-deployment-hello
+  namespace: not-allowed-ns-test
+spec:
+  function:
+    inline:
+      code: |
+        console.log("Pre-Deployment Task has been executed");
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: test
+  name: test
+  namespace: not-allowed-ns-test
+  annotations:
+    keptn.sh/workload: waiter
+    keptn.sh/version: "0.4"
+    keptn.sh/pre-deployment-tasks: pre-deployment-hello
+    keptn.sh/post-deployment-tasks: pre-deployment-hello
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: test
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: test
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+          command: ['sh', '-c', 'echo The app is running! && sleep infinity']
+      initContainers:
+        - name: init-myservice
+          image: busybox:1.36.1
+          command: ['sh', '-c', 'sleep 10']

test/chainsaw/allowed-namespaces/simple-deployment-not-allowed/chainsaw-test.yaml

@@ -0,0 +1,35 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  creationTimestamp: null
+  name: simple-deployment-not-allowed
+spec:
+  steps:
+    - name: step-00
+      try:
+        - apply:
+            file: 00-install.yaml
+        - assert:
+            file: 00-assert.yaml
+    - name: step-01
+      try:
+      # we expect none of these resources to be present
+        - error:
+            resource:
+              apiVersion: lifecycle.keptn.sh/v1beta1
+              kind: KeptnTask
+              metadata:
+                namespace: not-allowed-ns-test
+        - error:
+            resource:
+              apiVersion: lifecycle.keptn.sh/v1beta1
+              kind: KeptnWorkload
+              metadata:
+                namespace: not-allowed-ns-test
+        - error:
+            resource:
+              apiVersion: lifecycle.keptn.sh/v1beta1
+              kind: KeptnApp
+              metadata:
+                namespace: not-allowed-ns-test

test/chainsaw/scheduling-gates/simple-deployment/00-assert.yaml

@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: test
+  name: test
+status:
+  readyReplicas: 1
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    keptn.sh/scheduling-gate-removed: "true"
+  labels:
+    app: test
+spec:
+  schedulerName: default-scheduler
+status:
+  phase: Running