Skip to content

Commit

Permalink
Revert "Remove tests as they are not actually testing"
Browse files Browse the repository at this point in the history 
This reverts commit 04de79e.
  • Loading branch information
@dd-gplassard
dd-gplassard committed Sep 23, 2024
1 parent 04de79e commit 8a47e13
Show file tree
Hide file tree
Showing 4 changed files with 374 additions and 0 deletions.
1 change: 1 addition & 0 deletions .github/CODEOWNERS
View file
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,4 @@ charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @D
charts/synthetics-private-location/ @Datadog/synthetics
charts/observability-pipelines-worker @DataDog/observability-pipelines
charts/private-action-runner @DataDog/action-platform
test/private-action-runner @DataDog/action-platform
168 changes: 168 additions & 0 deletions test/private-action-runner/baseline/Kubernetes_Actions.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,168 @@
---
# Source: private-action-runner/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: "private-action-runner-default-serviceaccount"
namespace: datadog-agent
---
# Source: private-action-runner/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: "private-action-runner-default-secrets"
namespace: datadog-agent
stringData:
config.yaml: |
ddBaseURL: https://app.datadoghq.com
urn: CHANGE_ME_URN_FROM_CONFIG
privateKey: CHANGE_ME_PRIVATE_KEY_FROM_CONFIG
modes:
- workflowAutomation
- appBuilder
port: 9016
actionsAllowlist:
- com.datadoghq.kubernetes.apps.getControllerRevision
- com.datadoghq.kubernetes.apps.listControllerRevision
- com.datadoghq.kubernetes.apps.createControllerRevision
- com.datadoghq.kubernetes.apps.updateControllerRevision
- com.datadoghq.kubernetes.apps.patchControllerRevision
- com.datadoghq.kubernetes.apps.deleteControllerRevision
- com.datadoghq.kubernetes.apps.deleteMultipleControllerRevisions
- com.datadoghq.kubernetes.apps.restartDeployment
- com.datadoghq.kubernetes.core.patchEndpoints
- com.datadoghq.kubernetes.core.getPod
- com.datadoghq.kubernetes.core.listPod
- com.datadoghq.kubernetes.customresources.deleteMultipleCustomObjects
---
# Source: private-action-runner/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
namespace: datadog-agent
name: "private-action-runner-default-role"
rules:
- apiGroups:
- example.com
resources:
- tests
verbs:
- list
- get
- create
- patch
- update
- delete
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- get
- list
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
- deployments
verbs:
- patch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
---
# Source: private-action-runner/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: "private-action-runner-default-rolebinding"
namespace: datadog-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "private-action-runner-default-role"
subjects:
- kind: ServiceAccount
name: "private-action-runner-default-serviceaccount"
namespace: datadog-agent
---
# Source: private-action-runner/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: "private-action-runner-default-service"
namespace: datadog-agent
spec:
selector:
service: "private-action-runner-default-service"
ports:
- name: http
port: 9016
targetPort: 9016
---
# Source: private-action-runner/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: "private-action-runner-default"
namespace: datadog-agent
labels:
service: "private-action-runner-default-service"
app: "private-action-runner-default"
spec:
minReadySeconds: 10
replicas: 1
selector:
matchLabels:
app: "private-action-runner-default"
template:
metadata:
labels:
app: "private-action-runner-default"
service: "private-action-runner-default-service"
annotations:
config-hash: bda02d4e95c0ab1a984e62d87be14d65768d938dc3ff2e59342961b37acf25fb
spec:
serviceAccountName: "private-action-runner-default-serviceaccount"
tolerations:
- effect: NoSchedule
key: node
operator: Equal
value: nodeless
containers:
- name: runner
image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.0-beta"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 9016
resources:
limits:
cpu: 250m
memory: 2Gi
requests:
cpu: 250m
memory: 2Gi
volumeMounts:
- name: secrets
mountPath: /etc/dd-action-runner
env:
- name: MANAGED_BY
value: "helm"
volumes:
- name: secrets
secret:
secretName: "private-action-runner-default-secrets"
124 changes: 124 additions & 0 deletions test/private-action-runner/baseline/Private_Action_Runner_default.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,124 @@
---
# Source: private-action-runner/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: "private-action-runner-default-serviceaccount"
namespace: datadog-agent
---
# Source: private-action-runner/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: "private-action-runner-default-secrets"
namespace: datadog-agent
stringData:
config.yaml: |
ddBaseURL: https://app.datadoghq.com
urn: CHANGE_ME_URN_FROM_CONFIG
privateKey: CHANGE_ME_PRIVATE_KEY_FROM_CONFIG
modes:
- workflowAutomation
- appBuilder
port: 9016
actionsAllowlist:
- com.datadoghq.kubernetes.core.getPod
- com.datadoghq.kubernetes.core.listPod
---
# Source: private-action-runner/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
namespace: datadog-agent
name: "private-action-runner-default-role"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
---
# Source: private-action-runner/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: "private-action-runner-default-rolebinding"
namespace: datadog-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "private-action-runner-default-role"
subjects:
- kind: ServiceAccount
name: "private-action-runner-default-serviceaccount"
namespace: datadog-agent
---
# Source: private-action-runner/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: "private-action-runner-default-service"
namespace: datadog-agent
spec:
selector:
service: "private-action-runner-default-service"
ports:
- name: http
port: 9016
targetPort: 9016
---
# Source: private-action-runner/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: "private-action-runner-default"
namespace: datadog-agent
labels:
service: "private-action-runner-default-service"
app: "private-action-runner-default"
spec:
minReadySeconds: 10
replicas: 1
selector:
matchLabels:
app: "private-action-runner-default"
template:
metadata:
labels:
app: "private-action-runner-default"
service: "private-action-runner-default-service"
annotations:
config-hash: 38d507cd658bf8dcb55de19e2b1f8adac892783287bbbc1c74c33303d420f41a
spec:
serviceAccountName: "private-action-runner-default-serviceaccount"
tolerations:
- effect: NoSchedule
key: node
operator: Equal
value: nodeless
containers:
- name: runner
image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.0-beta"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 9016
resources:
limits:
cpu: 250m
memory: 2Gi
requests:
cpu: 250m
memory: 2Gi
volumeMounts:
- name: secrets
mountPath: /etc/dd-action-runner
env:
- name: MANAGED_BY
value: "helm"
volumes:
- name: secrets
secret:
secretName: "private-action-runner-default-secrets"
81 changes: 81 additions & 0 deletions test/private-action-runner/baseline_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
package private_action_runner

import (
appsv1 "k8s.io/api/apps/v1"
rbacv1 "k8s.io/api/rbac/v1"
"testing"

"github.com/DataDog/helm-charts/test/common"
"github.com/google/go-cmp/cmp"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
)

func Test_baseline_manifests(t *testing.T) {
tests := []struct {
name string
command common.HelmCommand
baselineManifestPath string
assertions func(t *testing.T, baselineManifestPath, manifest string)
}{
{
name: "Private Action Runner default",
command: common.HelmCommand{
ReleaseName: "private-action-runner",
ChartPath: "../../charts/private-action-runner",
Values: []string{"../../charts/private-action-runner/values.yaml"},
Overrides: map[string]string{},
},
baselineManifestPath: "./baseline/Private_Action_Runner_default.yaml",
assertions: verifyPrivateActionRunner,
},
{
name: "Enable kubernetes actions",
command: common.HelmCommand{
ReleaseName: "private-action-runner",
ChartPath: "../../charts/private-action-runner",
Values: []string{"../../charts/private-action-runner/values.yaml"},
Overrides: map[string]string{
"runners[0].kubernetesActions.controllerRevisions": "{get,list,create,update,patch,delete,deleteMultiple}",
"runners[0].kubernetesActions.customObjects": "{deleteMultiple}",
"runners[0].kubernetesActions.deployments": "{restart}",
"runners[0].kubernetesActions.endpoints": "{patch}",
"runners[0].kubernetesPermissions[0].apiGroups": "{example.com}",
"runners[0].kubernetesPermissions[0].resources": "{tests}",
"runners[0].kubernetesPermissions[0].verbs": "{list,get,create,patch,update,delete}",
},
},
baselineManifestPath: "./baseline/Kubernetes_Actions.yaml",
assertions: verifyPrivateActionRunner,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
manifest, err := common.RenderChart(t, tt.command)
assert.Nil(t, err, "couldn't render template")
t.Log("update baselines", common.UpdateBaselines)
if common.UpdateBaselines {
common.WriteToFile(t, tt.baselineManifestPath, manifest)
}

tt.assertions(t, tt.baselineManifestPath, manifest)
})
}
}

func verifyPrivateActionRunner(t *testing.T, baselineManifestPath, manifest string) {
verifyBaseline(t, baselineManifestPath, manifest, appsv1.Deployment{}, appsv1.Deployment{})
verifyBaseline(t, baselineManifestPath, manifest, rbacv1.ClusterRole{}, rbacv1.ClusterRole{})
verifyBaseline(t, baselineManifestPath, manifest, rbacv1.RoleBinding{}, rbacv1.RoleBinding{})
verifyBaseline(t, baselineManifestPath, manifest, corev1.Secret{}, corev1.Secret{})
verifyBaseline(t, baselineManifestPath, manifest, corev1.Service{}, corev1.Service{})
verifyBaseline(t, baselineManifestPath, manifest, corev1.ServiceAccount{}, corev1.ServiceAccount{})
}

func verifyBaseline[T any](t *testing.T, baselineManifestPath, manifest string, baseline, actual T) {
common.Unmarshal(t, manifest, &actual)
common.LoadFromFile(t, baselineManifestPath, &baseline)

assert.True(t, cmp.Equal(baseline, actual, cmp.Options{}), cmp.Diff(baseline, actual))
}

0 comments on commit 8a47e13

Please sign in to comment.