mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-01 02:46:16 -05:00
005e865a13
* [wip] use state file in CLI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use state file in CLI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> take clusterConfig from IDFile for compat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> various fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> wip Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add GCP-specific values in Helm loader test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary pointer Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * write ClusterValues in one step Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move stub to test file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove mention of id-file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move output to `migrateTerraform` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unconditional assignments converting from idFile Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move require block in go modules file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fall back to id file on upgrade Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add notice to remove Terraform state check on manual migration Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add `name` field Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> fix name tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * return early if no Terraform diff Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * return infrastructure state even if no diff exists Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add TODO to remove comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use state-file in miniconstellation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: remove id-file (#2402) * remove id-file from `constellation create` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add file renaming to handler * rename id-file after upgrade * use idFile on `constellation init` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation verify` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation mini` * remove id-file from `constellation recover` * linter fixes * remove id-file from `constellation terminate` * fix initSecret type * fix recover argument precedence * fix terminate test * generate * add TODO to remove id-file removal * Update cli/internal/cmd/init.go Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com> * fix verify arg parse logic Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add version test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from docs * add file not found log * use state-file in miniconstellation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation iam destroy` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `cdbg deploy` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com> * use state-file in CI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update orchestration docs --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
254 lines
7.2 KiB
Go
254 lines
7.2 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package helm
|
|
|
|
import (
|
|
"errors"
|
|
"testing"
|
|
|
|
"github.com/edgelesssys/constellation/v2/cli/internal/state"
|
|
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
|
"github.com/edgelesssys/constellation/v2/internal/compatibility"
|
|
"github.com/edgelesssys/constellation/v2/internal/config"
|
|
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
|
|
"github.com/edgelesssys/constellation/v2/internal/logger"
|
|
"github.com/edgelesssys/constellation/v2/internal/semver"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/mock"
|
|
"helm.sh/helm/v3/pkg/action"
|
|
)
|
|
|
|
func TestMergeMaps(t *testing.T) {
|
|
testCases := map[string]struct {
|
|
vals map[string]any
|
|
extraVals map[string]any
|
|
expected map[string]any
|
|
}{
|
|
"equal": {
|
|
vals: map[string]any{
|
|
"join-service": map[string]any{
|
|
"key1": "foo",
|
|
"key2": "bar",
|
|
},
|
|
},
|
|
extraVals: map[string]any{
|
|
"join-service": map[string]any{
|
|
"extraKey1": "extraFoo",
|
|
"extraKey2": "extraBar",
|
|
},
|
|
},
|
|
expected: map[string]any{
|
|
"join-service": map[string]any{
|
|
"key1": "foo",
|
|
"key2": "bar",
|
|
"extraKey1": "extraFoo",
|
|
"extraKey2": "extraBar",
|
|
},
|
|
},
|
|
},
|
|
"missing join-service extraVals": {
|
|
vals: map[string]any{
|
|
"join-service": map[string]any{
|
|
"key1": "foo",
|
|
"key2": "bar",
|
|
},
|
|
},
|
|
extraVals: map[string]any{
|
|
"extraKey1": "extraFoo",
|
|
"extraKey2": "extraBar",
|
|
},
|
|
expected: map[string]any{
|
|
"join-service": map[string]any{
|
|
"key1": "foo",
|
|
"key2": "bar",
|
|
},
|
|
"extraKey1": "extraFoo",
|
|
"extraKey2": "extraBar",
|
|
},
|
|
},
|
|
"missing join-service vals": {
|
|
vals: map[string]any{
|
|
"key1": "foo",
|
|
"key2": "bar",
|
|
},
|
|
extraVals: map[string]any{
|
|
"join-service": map[string]any{
|
|
"extraKey1": "extraFoo",
|
|
"extraKey2": "extraBar",
|
|
},
|
|
},
|
|
expected: map[string]any{
|
|
"key1": "foo",
|
|
"key2": "bar",
|
|
"join-service": map[string]any{
|
|
"extraKey1": "extraFoo",
|
|
"extraKey2": "extraBar",
|
|
},
|
|
},
|
|
},
|
|
"key collision": {
|
|
vals: map[string]any{
|
|
"join-service": map[string]any{
|
|
"key1": "foo",
|
|
},
|
|
},
|
|
extraVals: map[string]any{
|
|
"join-service": map[string]any{
|
|
"key1": "bar",
|
|
},
|
|
},
|
|
expected: map[string]any{
|
|
"join-service": map[string]any{
|
|
"key1": "bar",
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
for name, tc := range testCases {
|
|
t.Run(name, func(t *testing.T) {
|
|
assert := assert.New(t)
|
|
newVals := mergeMaps(tc.vals, tc.extraVals)
|
|
assert.Equal(tc.expected, newVals)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestHelmApply(t *testing.T) {
|
|
cliVersion := semver.NewFromInt(1, 99, 0, "")
|
|
csp := cloudprovider.AWS // using AWS since it has an additional chart: aws-load-balancer-controller
|
|
microserviceCharts := []string{
|
|
"constellation-services",
|
|
"constellation-operators",
|
|
"constellation-csi",
|
|
}
|
|
testCases := map[string]struct {
|
|
clusterMicroServiceVersion string
|
|
expectedActions []string
|
|
expectUpgrade bool
|
|
clusterCertManagerVersion *string
|
|
clusterAWSLBVersion *string
|
|
allowDestructive bool
|
|
expectError bool
|
|
}{
|
|
"CLI microservices are 1 minor version newer than cluster ones": {
|
|
clusterMicroServiceVersion: "v1.98.1",
|
|
expectedActions: microserviceCharts,
|
|
expectUpgrade: true,
|
|
},
|
|
"CLI microservices are 2 minor versions newer than cluster ones": {
|
|
clusterMicroServiceVersion: "v1.97.0",
|
|
expectedActions: []string{},
|
|
},
|
|
"cluster microservices are newer than CLI": {
|
|
clusterMicroServiceVersion: "v1.100.0",
|
|
},
|
|
"cluster and CLI microservices have the same version": {
|
|
clusterMicroServiceVersion: "v1.99.0",
|
|
expectedActions: []string{},
|
|
},
|
|
"cert-manager upgrade is ignored when denying destructive upgrades": {
|
|
clusterMicroServiceVersion: "v1.99.0",
|
|
clusterCertManagerVersion: toPtr("v1.9.0"),
|
|
allowDestructive: false,
|
|
expectError: true,
|
|
},
|
|
"both microservices and cert-manager are upgraded in destructive mode": {
|
|
clusterMicroServiceVersion: "v1.98.1",
|
|
clusterCertManagerVersion: toPtr("v1.9.0"),
|
|
expectedActions: append(microserviceCharts, "cert-manager"),
|
|
expectUpgrade: true,
|
|
allowDestructive: true,
|
|
},
|
|
"only missing aws-load-balancer-controller is installed": {
|
|
clusterMicroServiceVersion: "v1.99.0",
|
|
clusterAWSLBVersion: toPtr(""),
|
|
expectedActions: []string{"aws-load-balancer-controller"},
|
|
},
|
|
}
|
|
|
|
cfg := config.Default()
|
|
cfg.RemoveProviderAndAttestationExcept(csp)
|
|
cfg.MicroserviceVersion = cliVersion
|
|
log := logger.NewTest(t)
|
|
options := Options{
|
|
Conformance: false,
|
|
HelmWaitMode: WaitModeWait,
|
|
AllowDestructive: true,
|
|
Force: false,
|
|
}
|
|
for name, tc := range testCases {
|
|
t.Run(name, func(t *testing.T) {
|
|
lister := &releaseVersionMock{}
|
|
sut := Client{
|
|
factory: newActionFactory(nil, lister, &action.Configuration{}, log),
|
|
log: log,
|
|
cliVersion: cliVersion,
|
|
}
|
|
awsLbVersion := "v1.5.4" // current version
|
|
if tc.clusterAWSLBVersion != nil {
|
|
awsLbVersion = *tc.clusterAWSLBVersion
|
|
}
|
|
|
|
certManagerVersion := "v1.10.0" // current version
|
|
if tc.clusterCertManagerVersion != nil {
|
|
certManagerVersion = *tc.clusterCertManagerVersion
|
|
}
|
|
helmListVersion(lister, "cilium", "v1.12.1")
|
|
helmListVersion(lister, "cert-manager", certManagerVersion)
|
|
helmListVersion(lister, "constellation-services", tc.clusterMicroServiceVersion)
|
|
helmListVersion(lister, "constellation-operators", tc.clusterMicroServiceVersion)
|
|
helmListVersion(lister, "constellation-csi", tc.clusterMicroServiceVersion)
|
|
helmListVersion(lister, "aws-load-balancer-controller", awsLbVersion)
|
|
|
|
options.AllowDestructive = tc.allowDestructive
|
|
ex, includesUpgrade, err := sut.PrepareApply(cfg,
|
|
state.New().
|
|
SetInfrastructure(state.Infrastructure{UID: "testuid"}).
|
|
SetClusterValues(state.ClusterValues{MeasurementSalt: []byte{0x41}}),
|
|
options, fakeServiceAccURI(csp),
|
|
uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")})
|
|
var upgradeErr *compatibility.InvalidUpgradeError
|
|
if tc.expectError {
|
|
assert.Error(t, err)
|
|
} else {
|
|
assert.True(t, err == nil || errors.As(err, &upgradeErr))
|
|
}
|
|
assert.Equal(t, tc.expectUpgrade, includesUpgrade)
|
|
chartExecutor, ok := ex.(*ChartApplyExecutor)
|
|
assert.True(t, ok)
|
|
assert.ElementsMatch(t, tc.expectedActions, getActionReleaseNames(chartExecutor.actions))
|
|
})
|
|
}
|
|
}
|
|
|
|
func getActionReleaseNames(actions []applyAction) []string {
|
|
releaseActionNames := []string{}
|
|
for _, action := range actions {
|
|
releaseActionNames = append(releaseActionNames, action.ReleaseName())
|
|
}
|
|
return releaseActionNames
|
|
}
|
|
|
|
func helmListVersion(l *releaseVersionMock, releaseName string, installedVersion string) {
|
|
if installedVersion == "" {
|
|
l.On("currentVersion", releaseName).Return(semver.Semver{}, errReleaseNotFound)
|
|
return
|
|
}
|
|
v, _ := semver.New(installedVersion)
|
|
l.On("currentVersion", releaseName).Return(v, nil)
|
|
}
|
|
|
|
type releaseVersionMock struct {
|
|
mock.Mock
|
|
}
|
|
|
|
func (s *releaseVersionMock) currentVersion(release string) (semver.Semver, error) {
|
|
args := s.Called(release)
|
|
return args.Get(0).(semver.Semver), args.Error(1)
|
|
}
|