-
Notifications
You must be signed in to change notification settings - Fork 123
/
tests.go
144 lines (117 loc) · 3.49 KB
/
tests.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
// Copyright 2021-2023 Zenauth Ltd.
// SPDX-License-Identifier: Apache-2.0
//go:build e2e
package e2e
import (
"crypto/tls"
"fmt"
"testing"
"time"
"github.com/stretchr/testify/require"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/credentials/insecure"
"github.com/cerbos/cerbos/client"
"github.com/cerbos/cerbos/internal/server"
)
const (
AdminSuite = "admin"
ChecksSuite = "checks"
PlanResourcesSuite = "plan_resources"
testTimeout = 90 * time.Second // Things are slower inside Kind
)
type Opt func(*suiteOpt)
type suiteOpt struct {
contextID string
suites []string
computedEnv func(Ctx) map[string]string
postSetup func(Ctx)
tlsDisabled bool
overlayMaxRetries uint64
}
func WithContextID(contextID string) Opt {
return func(so *suiteOpt) {
so.contextID = contextID
}
}
func WithSuites(suites ...string) Opt {
return func(so *suiteOpt) {
so.suites = append(so.suites, suites...)
}
}
func WithComputedEnv(fn func(Ctx) map[string]string) Opt {
return func(so *suiteOpt) {
so.computedEnv = fn
}
}
func WithPostSetup(fn func(Ctx)) Opt {
return func(so *suiteOpt) {
so.postSetup = fn
}
}
func WithMutableStoreSuites() Opt {
return func(so *suiteOpt) {
so.suites = []string{AdminSuite, ChecksSuite, PlanResourcesSuite}
}
}
func WithImmutableStoreSuites() Opt {
return func(so *suiteOpt) {
so.suites = []string{ChecksSuite, PlanResourcesSuite}
}
}
func WithTLSDisabled() Opt {
return func(so *suiteOpt) {
so.tlsDisabled = true
}
}
func WithOverlayMaxRetries(nRetries uint64) Opt {
return func(so *suiteOpt) {
so.overlayMaxRetries = nRetries
}
}
func RunSuites(t *testing.T, opts ...Opt) {
sopt := suiteOpt{}
for _, o := range opts {
o(&sopt)
}
require.NotEmpty(t, sopt.contextID, "Context ID must not be empty")
require.NotEmpty(t, sopt.suites, "At least one suite must be defined")
ctx := NewCtx(t, sopt.contextID, sopt.tlsDisabled)
if sopt.computedEnv != nil {
ctx.Logf("Running ComputedEnv function")
ctx.ComputedEnv = sopt.computedEnv(ctx)
ctx.Logf("Finished ComputedEnv function")
}
require.NoError(t, Setup(ctx))
t.Cleanup(func() {
if t.Failed() {
if err := CmdWithOutput(ctx, "stern", ".*", fmt.Sprintf("--namespace=%s", ctx.Namespace()), "--no-follow"); err != nil {
t.Logf("Failed to grab logs: %v", err)
}
}
})
if sopt.postSetup != nil {
ctx.Logf("Running PostSetup function")
sopt.postSetup(ctx)
ctx.Logf("Finished PostSetup function")
}
tr := server.LoadTestCases(t, sopt.suites...)
tr.Timeout = testTimeout
if sopt.overlayMaxRetries != 0 {
tr.WithCerbosClientRetries(sopt.overlayMaxRetries)
}
creds := &server.AuthCreds{Username: "cerbos", Password: "cerbosAdmin"}
grpcDialOpts := []grpc.DialOption{grpc.WithPerRPCCredentials(creds)}
clientOpts := []client.Opt{client.WithRetryTimeout(30 * time.Second), client.WithMaxRetries(1)}
if sopt.tlsDisabled {
grpcDialOpts = append(grpcDialOpts, grpc.WithTransportCredentials(insecure.NewCredentials()))
clientOpts = append(clientOpts, client.WithPlaintext())
} else {
tlsConf := &tls.Config{InsecureSkipVerify: true} //nolint:gosec
grpcDialOpts = append(grpcDialOpts, grpc.WithTransportCredentials(credentials.NewTLS(tlsConf)))
clientOpts = append(clientOpts, client.WithTLSInsecure())
}
t.Run("grpc", tr.RunGRPCTests(ctx.GRPCAddr(), grpcDialOpts...))
t.Run("http", tr.RunHTTPTests(ctx.HTTPAddr(), creds))
t.Run("client", client.RunE2ETests(ctx.GRPCAddr(), clientOpts...))
}