Add app-gateway k3d integration test

.github/workflows/kyma-integration-k3d-app-gateway.yml

@@ -0,0 +1,20 @@
+name: Run app-gateway integration tests on k3d
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: azure/setup-helm@v4.1.0
+        id: install
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Install k3d
+        env:
+          K3D_URL: https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh
+          DEFAULT_K3D_VERSION: v5.4.6
+        run: curl --silent --fail $K3D_URL | TAG=$DEFAULT_K3D_VERSION bash
+      - name: Run unit tests
+        run: make -C tests/hack/ci k3d-gateway-tests

.github/workflows/run-tests.yaml

@@ -11,7 +11,6 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@v3
-
     - name: Set up cache
       uses: actions/cache@v3
       with:
@@ -22,12 +21,10 @@ jobs:
         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
         restore-keys: |
           ${{ runner.os }}-go-
-
     - name: Set up go environment
       uses: actions/setup-go@v4
       with:
         go-version: 1.21
-
     - name: Run unit tests
       run: make test
 

.gitignore

@@ -30,4 +30,4 @@ manifests/*
 
 mod
 bin
-charts
+charts/**/*

tests/.dockerignore

@@ -0,0 +1,2 @@
+deployments/
+README.md

tests/.gitignore

@@ -0,0 +1 @@
+resources/charts/gateway-test/certs/

tests/Dockerfile.compass-runtime-agent

@@ -0,0 +1,17 @@
+# image builder base on golang:1.21.1-alpine3.18
+FROM golang@sha256:0c860c7ceba62231d0f99fb92e9d7c1577f26fea794a12c75756a8f64b146e45 as builder
+
+WORKDIR /compass-test/
+
+COPY go.mod go.sum ./
+RUN go mod download && go mod verify
+
+COPY . .
+
+RUN CGO_ENABLED=0 go test -v -c -o compass-test ./test/compass-runtime-agent/
+
+FROM scratch
+
+COPY --from=builder /compass-test/compass-test /
+ENTRYPOINT [ "/compass-test" ]
+CMD ["-test.v", "-test.parallel", "1"]

tests/Dockerfile.connectivity-validator

@@ -0,0 +1,17 @@
+# image builder base on golang:1.21.1-alpine3.18
+FROM golang@sha256:0c860c7ceba62231d0f99fb92e9d7c1577f26fea794a12c75756a8f64b146e45 as builder
+
+WORKDIR /validator-test/
+
+COPY go.mod go.sum ./
+RUN go mod download && go mod verify
+
+COPY . .
+
+RUN CGO_ENABLED=0 go test -v -c -o validator-test ./test/application-connectivity-validator/
+
+FROM scratch
+
+COPY --from=builder /validator-test/validator-test /
+ENTRYPOINT [ "/validator-test" ]
+CMD ["-test.v"]

tests/Dockerfile.gateway

@@ -0,0 +1,17 @@
+# image builder base on golang:1.21.1-alpine3.18
+FROM golang@sha256:0c860c7ceba62231d0f99fb92e9d7c1577f26fea794a12c75756a8f64b146e45 as builder
+
+WORKDIR /gateway-test/
+
+COPY go.mod go.sum ./
+RUN go mod download && go mod verify
+
+COPY . .
+
+RUN CGO_ENABLED=0 go test -v -c -o gateway-test ./test/application-gateway/
+
+FROM scratch
+
+COPY --from=builder /gateway-test/gateway-test /
+ENTRYPOINT [ "/gateway-test" ]
+CMD ["-test.v"]

tests/Dockerfile.mockapp

@@ -0,0 +1,17 @@
+# image builder base on golang:1.21.1-alpine3.18
+FROM golang@sha256:0c860c7ceba62231d0f99fb92e9d7c1577f26fea794a12c75756a8f64b146e45 as builder
+
+WORKDIR /mock-app/
+
+COPY go.mod go.sum ./
+RUN go mod download && go mod verify
+
+COPY . .
+
+
+RUN CGO_ENABLED=0 go build -v -o mock-app ./tools/external-api-mock-app
+
+FROM scratch
+COPY --from=builder /mock-app/mock-app .
+ENTRYPOINT [ "/mock-app" ]
+CMD []

tests/Makefile

@@ -0,0 +1,33 @@
+GATEWAY_TEST_IMAGE = "$(DOCKER_PUSH_REPOSITORY)$(DOCKER_PUSH_DIRECTORY)/gateway-test:$(DOCKER_TAG)"
+VALIDATOR_TEST_IMAGE = "$(DOCKER_PUSH_REPOSITORY)$(DOCKER_PUSH_DIRECTORY)/connectivity-validator-test:$(DOCKER_TAG)"
+COMPASS_TEST_IMAGE = "$(DOCKER_PUSH_REPOSITORY)$(DOCKER_PUSH_DIRECTORY)/compass-runtime-agent-test:$(DOCKER_TAG)"
+MOCK_APP_IMAGE = "$(DOCKER_PUSH_REPOSITORY)$(DOCKER_PUSH_DIRECTORY)/mock-app:$(DOCKER_TAG)"
+
+.PHONY: release image
+
+release: publish-gateway-test publish-mock-app publish-validator-test publish-compass-runtime-agent-test
+image: image-gateway-test image-validator-test image-compass-runtime-agent-test
+
+publish-gateway-test: image-gateway-test
+	docker push $(GATEWAY_TEST_IMAGE)
+
+image-gateway-test:
+	docker build -t $(GATEWAY_TEST_IMAGE) -f Dockerfile.gateway .
+
+publish-mock-app: image-mock-app
+	docker push $(MOCK_APP_IMAGE)
+
+image-mock-app:
+	docker build -t $(MOCK_APP_IMAGE) -f Dockerfile.mockapp .
+
+publish-validator-test: image-validator-test
+	docker push $(VALIDATOR_TEST_IMAGE)
+
+image-validator-test:
+	docker build -t $(VALIDATOR_TEST_IMAGE) -f Dockerfile.connectivity-validator .
+
+publish-compass-runtime-agent-test: image-compass-runtime-agent-test
+	docker push $(COMPASS_TEST_IMAGE)
+
+image-compass-runtime-agent-test:
+	docker build -t $(COMPASS_TEST_IMAGE) -f Dockerfile.compass-runtime-agent .

tests/Makefile.test-application-conn-validator

@@ -0,0 +1,59 @@
+# -*- mode: Makefile -*-
+
+NAMESPACE ?= test
+GOPATH ?= $(shell go env GOPATH)
+
+VALIDATOR_TEST_IMAGE = "$(DOCKER_PUSH_REPOSITORY)$(DOCKER_PUSH_DIRECTORY)/connectivity-validator-test:$(DOCKER_TAG)"
+TEST_TIMEOUT = "3m"
+MAKEFILE_NAME=Makefile.test-application-conn-validator
+
+.PHONY: test clean
+.PHONY: patch-for-validator-test unpatch-after-validator-test test-validator test-validator-debug validator-create-resources clean-validator-test publish-validator-test
+
+test: test-validator
+clean: clean-validator-test
+
+patch-for-validator-test:
+	kubectl -n kyma-system patch deployment central-application-connectivity-validator --type json --patch-file resources/patches/central-application-connectivity-validator.json
+	kubectl rollout status deploy central-application-connectivity-validator -n kyma-system --timeout=1m
+
+unpatch-after-validator-test:
+	kubectl rollout undo deployment/central-application-connectivity-validator -n kyma-system
+
+test-validator: patch-for-validator-test validator-create-resources
+	if kubectl wait --for=condition=complete --timeout=$(TEST_TIMEOUT) -n $(NAMESPACE) job/application-connectivity-validator-test; then \
+	echo "Success! Results:"; \
+	./scripts/check-pod-logs.sh application-connectivity-validator-test; \
+	$(MAKE) clean-validator-test -f $(MAKEFILE_NAME); \
+	else \
+	echo "Tests failed! Results:"; \
+	./scripts/check-pod-logs.sh application-connectivity-validator-test; \
+	$(MAKE) clean-validator-test -f $(MAKEFILE_NAME); \
+	exit 1; \
+	fi
+
+test-validator-debug: patch-for-validator-test validator-create-resources
+	kubectl wait --for=condition=complete --timeout=$(TEST_TIMEOUT) -n $(NAMESPACE) job/application-connectivity-validator-test; \
+	echo "Results:"; \
+	./scripts/check-pod-logs.sh application-connectivity-validator-test; \
+
+validator-create-resources:
+	kubectl create namespace $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+	kubectl label namespace $(NAMESPACE) istio-injection=enabled --overwrite
+
+	helm template resources/charts/application-connectivity-validator-test/charts/echoserver \
+		--set global.namespace=$(NAMESPACE) \
+	| kubectl apply -f -
+	kubectl rollout status deployment echoserver -n test --timeout=90s
+
+	@helm template resources/charts/application-connectivity-validator-test/charts/test \
+    		--set namespace=$(NAMESPACE) \
+    		--values resources/charts/application-connectivity-validator-test/values.yaml \
+	| kubectl apply -f -
+
+clean-validator-test: unpatch-after-validator-test
+	helm template resources/charts/application-connectivity-validator-test --set namespace=$(NAMESPACE) | kubectl delete -f -
+	kubectl delete ns $(NAMESPACE) --ignore-not-found
+
+
+

tests/Makefile.test-application-gateway

@@ -0,0 +1,82 @@
+# -*- mode: PWDmakefile -*-
+
+NAMESPACE ?= test
+GOPATH ?= $(shell go env GOPATH)
+
+MOCK_SERVICE_NAME="mock-application"
+APP_URL = "$(MOCK_SERVICE_NAME).$(NAMESPACE).svc.cluster.local"
+TEST_TIMEOUT = "3m"
+MAKEFILE_NAME=Makefile.test-application-gateway
+
+.PHONY: test clean
+.PHONY: test-gateway test-gateway-debug clean-gateway-test disable-sidecar-for-mtls-test enable-sidecar-after-mtls-test generate-certs
+
+test: test-gateway
+clean: clean-gateway-test
+
+test-gateway: disable-sidecar-for-mtls-test generate-certs create-resources
+	@echo "::group::test-gateway"
+	if kubectl wait --for=condition=complete --timeout=$(TEST_TIMEOUT) -n $(NAMESPACE) job/application-gateway-test; then \
+	echo "Success! Results:"; \
+	${PWD}/scripts/check-pod-logs.sh application-gateway-test; \
+	$(MAKE) clean-gateway-test -f ${PWD}/tests/$(MAKEFILE_NAME); \
+	else \
+	echo "Tests failed! Results:"; \
+	${PWD}/scripts/check-pod-logs.sh application-gateway-test; \
+	$(MAKE) clean-gateway-test -f ${PWD}/tests/$(MAKEFILE_NAME); \
+	exit 1; \
+	fi
+	@echo "::endgroup::"
+
+test-gateway-debug: disable-sidecar-for-mtls-test generate-certs create-resources
+	@echo "::group::test-gateway-debug"
+	kubectl wait --for=condition=complete --timeout=$(TEST_TIMEOUT) -n $(NAMESPACE) job/application-gateway-test
+	@echo "Results:"
+	${PWD}/scripts/check-pod-logs.sh application-gateway-test
+	@echo "::endgroup::"
+
+create-resources:
+	@echo "::group::create-resources"
+	kubectl create namespace $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+	kubectl label namespace $(NAMESPACE) istio-injection=enabled --overwrite
+	@echo "::group::create-resources::install-mock-app"
+	helm template ${PWD}/tests/resources/charts/gateway-test/charts/mock-app \
+		--set global.namespace=$(NAMESPACE) \
+		--set mockServiceName=$(MOCK_SERVICE_NAME) \
+		--values ${PWD}/tests/resources/charts/gateway-test/values.yaml \
+		| kubectl apply -f -
+	kubectl rollout status deployment mock-application -n test --timeout=90s
+	@echo "::endgroup::"
+	@echo "::group::create-resources::install-mock-app"
+	helm template ${PWD}/tests/resources/charts/gateway-test/charts/test \
+		--set namespace=$(NAMESPACE) \
+		--set mockServiceName=$(MOCK_SERVICE_NAME) \
+		--values ${PWD}/tests/resources/charts/gateway-test/values.yaml \
+		| kubectl apply -f -
+	@echo "::endgroup::"
+	@echo "::endgroup::"
+
+clean-gateway-test:
+	@echo "::group::clean-gateway-test"
+	helm template ${PWD}/../../resources/charts/gateway-test --set namespace=$(NAMESPACE) | kubectl delete -f -
+	kubectl delete ns $(NAMESPACE) --ignore-not-found
+	@echo "::endgroup::"
+
+disable-sidecar-for-mtls-test:
+	@echo "::group::disable-sidecar-for-mtls-test"
+	kubectl -n kyma-system patch deployment central-application-gateway -p '{"spec":{"template":{"metadata":{"annotations":{"traffic.sidecar.istio.io/excludeOutboundPorts": "8090,8091"}}}}}'
+	kubectl rollout status deploy central-application-gateway -n kyma-system --timeout=1m
+	@echo "::endgroup::"
+
+enable-sidecar-after-mtls-test:
+	@echo "::group::enable-sidecar-for-mtls-test"
+	kubectl -n kyma-system patch deployment central-application-gateway --type=json --patch '[{ "op": "remove", "path": "/spec/template/metadata/annotations/traffic.sidecar.istio.io~1excludeOutboundPorts"}]'
+	@echo "::endgroup::"
+
+generate-certs:
+	@echo "::group::generate-certs"
+	${PWD}/tests/scripts/generate-self-signed-certs.sh $(APP_URL) ${PWD}/tests/resources/charts/gateway-test/charts/test/certs/positive
+	${PWD}/tests/scripts/generate-self-signed-certs.sh $(APP_URL) ${PWD}/tests/resources/charts/gateway-test/charts/test/certs/negative
+	${PWD}/tests/scripts/generate-self-signed-certs.sh test-other-ca ${PWD}/tests/resources/charts/gateway-test/charts/test/certs/invalid-ca
+	cp -p -R ${PWD}/tests/resources/charts/gateway-test/charts/test/certs ${PWD}/tests/resources/charts/gateway-test/charts/mock-app
+	@echo "::endgroup::"

tests/Makefile.test-compass-runtime-agent

@@ -0,0 +1,38 @@
+# -*- mode: Makefile -*-
+
+NAMESPACE ?= test
+GOPATH ?= $(shell go env GOPATH)
+DIRECTOR_URL=https://compass-gateway-auth-oauth.$(COMPASS_HOST)/director/graphql
+TOKENS_ENDPOINT=https://oauth2.${COMPASS_HOST}/oauth2/token
+
+COMPASS_TEST_IMAGE = "$(DOCKER_PUSH_REPOSITORY)$(DOCKER_PUSH_DIRECTORY)/compass-runtime-agent-test:$(DOCKER_TAG)"
+
+.PHONY: release test image clean
+.PHONY: test-compass-runtime-agent test-compass-runtime-agent-debug clean-compass-runtime-agent-test image-compass-runtime-agent-test publish-compass-runtime-agent-test
+
+test: test-compass-runtime-agent
+clean: clean-compass-runtime-agent-test
+
+test-compass-runtime-agent: test-compass-runtime-agent-debug clean-compass-runtime-agent-test
+
+test-compass-runtime-agent-debug:
+	@echo $(GOPATH)/bin/go-junit-report --help
+	kubectl create namespace $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+	kubectl label namespace $(NAMESPACE) istio-injection=enabled --overwrite
+
+	@helm template resources/charts/compass-runtime-agent-test \
+	--set namespace=$(NAMESPACE) \
+	--set compassCredentials.clientID=$(COMPASS_CLIENT_ID) \
+	--set compassCredentials.clientSecret=$(COMPASS_CLIENT_SECRET) \
+	--set compassCredentials.tokensEndpoint=$(TOKENS_ENDPOINT) \
+	--set directorUrl=$(DIRECTOR_URL) \
+    | kubectl apply -f -
+
+	@echo ""
+	@echo "Compass test results:"
+
+	./scripts/check-pod-logs.sh compass-runtime-agent-test
+
+clean-compass-runtime-agent-test:
+	helm template resources/charts/compass-runtime-agent-test  | kubectl delete -f -
+	kubectl delete ns $(NAMESPACE) --ignore-not-found

tests/README.md

@@ -0,0 +1,6 @@
+# Component tests for Application Connector
+
+There are the following component tests for Application Connector:
+- [Application Gateway](docs/application-gateway-tests.md)
+- [Application Connectivity Validator](docs/application-connectivity-validator-tests.md)
+- [Compass Runtime Agent](docs/compass-runtime-agent-tests.md)